1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
/** @file
Implementation of _LongJump() on IA-32.
Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "BaseLibInternals.h"
/**
Restores the CPU context that was saved with SetJump().
Restores the CPU context from the buffer specified by JumpBuffer.
This function never returns to the caller.
Instead is resumes execution based on the state of JumpBuffer.
@param JumpBuffer A pointer to CPU context buffer.
@param Value The value to return when the SetJump() context is restored.
**/
__declspec (naked)
VOID
EFIAPI
InternalLongJump (
IN BASE_LIBRARY_JUMP_BUFFER *JumpBuffer,
IN UINTN Value
)
{
_asm {
mov eax, [PcdGet32 (PcdControlFlowEnforcementPropertyMask)]
test eax, eax
jz CetDone
_emit 0x0F
_emit 0x20
_emit 0xE0 ; mov eax, cr4
bt eax, 23 ; check if CET is enabled
jnc CetDone
mov edx, [esp + 4] ; edx = JumpBuffer
mov edx, [edx + 24] ; edx = target SSP
_emit 0xF3
_emit 0x0F
_emit 0x1E
_emit 0xC8 ; READSSP EAX
sub edx, eax ; edx = delta
mov eax, edx ; eax = delta
shr eax, 2 ; eax = delta/sizeof(UINT32)
_emit 0xF3
_emit 0x0F
_emit 0xAE
_emit 0xE8 ; INCSSP EAX
CetDone:
pop eax ; skip return address
pop edx ; edx <- JumpBuffer
pop eax ; eax <- Value
mov ebx, [edx]
mov esi, [edx + 4]
mov edi, [edx + 8]
mov ebp, [edx + 12]
mov esp, [edx + 16]
jmp dword ptr [edx + 20]
}
}
|